Introduction

The SOG-IS agreement was produced in response to the EU
Council Decision of March 31st 1992 (92/242/EEC) in the field
of security of information systems, and the subsequent Council
recommendation of April 7th (1995/144/EC) on common
information technology security evaluation criteria.

The agreement was updated in January 2010 and the full text
can be downloaded in the section "Agreement"
of the Web site. Participants in this Agreement are government
organisations or government agencies from countries of the
European Union or EFTA (European Free Trade Association),
representing their country or countries. As of June 2011, the
national bodies participating in the agreement are:

Coordinate the standardisation of Common Criteria
protection profiles and certification policies between
European Certification Bodies in order to have a common
position in the fast growing international CCRA group

Coordinate the development of protection profiles
whenever the European commission launches a directive that
should be implemented in national laws as far as IT-security
is involved

The agreement provides for member nations to participate in
two fundamental ways:

As certificate consuming participants and

As certificate producers

For certificate producing nations there are also two levels
of recognition within the agreement:

Certificate recognition up to EAL4 (as in CCRA)

Certificate recognition at higher levels for defined
technical areas when schemes have been approved by the
management committee for this level.

Rationale for the updated SOG-IS Agreement

The original agreement signed in 1997 (updated to incorporate the use of Common Criteria in 1999)
was updated in 2010 for two reasons; firstly to provide a
robust mechanism allowing new schemes to take part as
certificate producers and, secondly, to limit the higher
levels of recognition to agreed technical domains where
adequate agreement around evaluation methodology, laboratory
requirements, attack methods etc. are in place.

Further Information

The following pages provide more detail. Contact with the
group can also be made through any of the participating
schemes.